FortiWeb <=8.2 NULL Ptr Crash via HTTP: CVE-2026-24641 March 2026

A NULL Pointer Dereference vulnerability [CWE-476] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker to crash the HTTP daemon via crafted HTTP requests.

Vulnerability Analysis

CVE-2026-24641 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

HIGH

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

NONE

Integrity Impact:

NONE

Availability Impact:

LOW

Weakness Type

NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.

Products Associated with CVE-2026-24641

Want to know whenever a new CVE is published for Fortinet FortiWeb? stack.watch will email you.

FortiWeb <=8.2 NULL Ptr Crash via HTTP
CVE-2026-24641 Published on March 10, 2026

Vulnerability Analysis

Weakness Type

NULL Pointer Dereference

Products Associated with CVE-2026-24641

Affected Versions

FortiWeb <=8.2 NULL Ptr Crash via HTTPCVE-2026-24641 Published on March 10, 2026

Vulnerability Analysis

Weakness Type

NULL Pointer Dereference

Products Associated with CVE-2026-24641

Affected Versions

FortiWeb <=8.2 NULL Ptr Crash via HTTP
CVE-2026-24641 Published on March 10, 2026